User Privacy Policy Statement

CESAR ARREDAMENTI S.P.A., registered office in Via Cavalieri di Vittorio Veneto 1/3 30020 Pramaggiore (Ve), Italy, (hereinafter “Controller”), owner of the website www.cesar.it (hereinafter “Site”), as Controller of the personal data of users who navigate and are registered with the Site (hereinafter “Users”) hereunder provides their privacy policy statement in accordance with art. 13 of Legislative Decree 196/2003 (hereinafter “Privacy Code”) and with art. 13 of Regulation (EU) 2016/679 of 27 April 2016 (hereinafter “Regulation”, the Regulation and Privacy Code are both defined as “Applicable Law”).

This Site and any services offered through the Site are reserved for persons who are at least eighteen years of age. The Controller does not collect personal data related to persons who are younger than 18 years of age. On request from Users, the Controller will immediately erase all personal data involuntarily collected and related to persons under 18.

The Controller holds to the utmost degree the right to privacy and protection of personal data of our Users. For any information on this privacy policy statement, Users can contact the Controller at any time by:

Sending a registered letter with return receipt to the controller’s registered office

Sending an e-mail to info@cesar.it

1.Purpose of Processing

The Controller shall process the User’s personal data in accordance with art. 6 of the Regulation for the following purposes:

a) Site navigation, with regard to the ability to collect User data needed for technical reasons, such as IP address, while navigating the site.

b) Response to your request for information, received by us through a specific contact form.

c) Registration to the site’s reserved area, in order to access the customer portal

d) Legal obligations, or for compliance with requirements laid down by the law, an authority, regulation or European rules.

Providing personal data for the purposes mentioned above is optional but necessary. If such information is not provided then the User will be unable to navigate the site, register with the Site or use the services offered by the Controller through the Site.

With regard to the purposes mentioned under points 1/a, 1/b, 1/c, 1/e, the legal basis for processing is, indeed, to execute services provided through the Site and requested by you (in accordance with art. 6(1.b) of Privacy Regulation 2016/679). With regard to the purposes mentioned under point 1/d above, the legal basis for processing is compliance with a legal requirement held by the data controller (in accordance with art. 6(1.c) of Privacy Regulation 2016/679).

2. Processing Method and Duration of Data Retention

The Controller processes the Users’ personal data with manual and digital tools following due process strictly related to the purposes themselves and, in any case, in a manner that guarantees data security and confidentiality.

Site User personal data are retained only for the time needed for the purposes outlined above in section 1, or, in any case, for the time needed for legal protection of the User’s and Controller’s interests. With regard to the purposes mentioned under point 1.b, the data are retained until you object to receiving the newsletter by following the link contained in the newsletter itself or by exercising your rights set forth in section 4.

3. Scope of Data Disclosure

User personal data may be disclosed to the Controller’s employees and/or associates responsible for administrating the Site. Such persons, who are formally appointed by the Controller as “Data Processors”, shall process the User’s data for the sole purposes indicated in this statement and in accordance with the provisions of applicable law.

User personal data may also be disclosed to third parties who may process personal data on behalf of the Controller as “External Data Processors”, such as, for instance, providers of IT and logistics services for administrating the Site, providers of outsourcing or cloud computing services, professionals and consultants.

Users are entitled to obtain a list of any external data processors appointed by the Controller by addressing such request to the Controller as indicated in section 4 below.

4. Data Subject Rights

Users can exercise their rights guaranteed by applicable law by contacting the Controller as follows:

Sending a registered letter with return receipt to the registered office of the Controller

Sending an e-mail to info@cesar.it

In accordance with applicable law, the Controller hereby informs you that Users are entitled to receive indications on (i) the origin of personal data; (ii) the purposes and methods of processing; (iii) the logic applied for any processing by means of electronic devices; (iv) the contact details of the Controller and External Data Processors; (v) the persons and categories of persons personal data can be disclosed to or who may receive such data as data processors or external data processors.

Furthermore, Users are entitled to:

Access, update, rectify or, where needed, add data;

Erase, make anonymous or block data processed in violation of the law, including data that is not necessary to retain within the scope for which such data was collected or subsequently processed;

A statement that the persons who received the data by disclosure were notified of the actions mentioned under letters a) and b), with the exception of cases where such requirement proves impossible or would entail a disproportionate effort in relation to the right in question.

Furthermore, Users have:

The right to withdraw their consent at any time, where processing is based on such consent;

The right to data portability (the right to receive all personal data concerning him or her in a structured, commonly used and machine-readable format), the right to restrict processing of personal data and the right to erasure (“right to be forgotten”);

The right to object:

The right to lodge a complaint with the Supervisory Authority (in the Member State of residence, where the user works or where the alleged violation took place) if users feel that any processing of their personal data violates the Regulation. The Italian Supervisory Authority is the Data Protection Supervisor, based in Rome (http://www.garanteprivacy.it/).

entirely or partially, for legitimate reasons, to the processing of personal data concerning him or her, though pertinent to the scope of collection;

entirely or partially, to the processing of personal data concerning him or her for the purpose of sending marketing or direct sales material or for conducting market research or advertising;

at any time whenever personal data are processed for the purpose of direct marketing, to the processing of their personal data for that purpose, including any profiling to the extent it is related to such direct marketing.